On 5/22/2013 5:19 AM, Werner Koch wrote:
> The weakest link we have in the key protection is the passphrase -
> virtually nobody is able to remember a passphrase with 128 bit entropy
> and 256 bit is well out of scope.

It isn't that we can't memorize passphrases with 128 bits of entropy:
it's that doing so is hard. I have five separate passphrases with 128
bits of entropy (16 bytes from /dev/urandom piped through a Base64
encoder) which I'm required to use for various reasons. Keeping track
of them all is difficult and the every-six-months password change policy
is enough to make me fume with anger, but... it's certainly *possible*.
Frustrating, though, definitely.